PortSwigger11 小时
Using Burp to Test for Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) is an attack which forces an end user to execute unwanted actions on a web application to which they are currently authenticated. CSRF vulnerabilities may arise when ...
PortSwigger6 天
Duplicate cookies set
The response contains two or more Set-Cookie headers that attempt to set the same cookie to different values. Browsers will only accept one of these values, typically ...
PortSwigger6 天
Spoofable client IP address
If an application trusts an HTTP request header like X-Forwarded-For to accurately specify the remote IP address of the connecting client, then malicious clients can spoof their IP address. This ...
PortSwigger6 天
Burp Suite performance upgrades - making your workflow more efficient.
In Burp Suite, your large project files now load faster, even if you’ve got a large number of Repeater tabs. These new changes have significantly reduced memory usage, and will noticeably reduce UI ...